Description
In the Linux kernel, the following vulnerability has been resolved:

igb: revert rtnl_lock() that causes deadlock

The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below

 (FREE from device detaching)      |   (USE from netdev core)
igb_remove                         |  igb_ndo_get_vf_config
 igb_disable_sriov                 |  vf >= adapter->vfs_allocated_count?
  kfree(adapter->vf_data)          |
  adapter->vfs_allocated_count = 0 |
                                   |    memcpy(... adapter->vf_data[vf]

The above race will never happen and the extra rtnl_lock causes deadlock below

[ 141.420169] <TASK>
[ 141.420672] __schedule+0x2dd/0x840
[ 141.421427] schedule+0x50/0xc0
[ 141.422041] schedule_preempt_disabled+0x11/0x20
[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0
[ 141.423324] unregister_netdev+0xe/0x20
[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]
[ 141.423791] pci_device_remove+0x36/0xb0
[ 141.423990] device_release_driver_internal+0xc1/0x160
[ 141.424270] pci_stop_bus_device+0x6d/0x90
[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20
[ 141.424789] pci_iov_remove_virtfn+0xba/0x120
[ 141.425452] sriov_disable+0x2f/0xf0
[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]
[ 141.426353] igb_remove+0xa0/0x130 [igb]
[ 141.426599] pci_device_remove+0x36/0xb0
[ 141.426796] device_release_driver_internal+0xc1/0x160
[ 141.427060] driver_detach+0x44/0x90
[ 141.427253] bus_remove_driver+0x55/0xe0
[ 141.427477] pci_unregister_driver+0x2a/0xa0
[ 141.428296] __x64_sys_delete_module+0x141/0x2b0
[ 141.429126] ? mntput_no_expire+0x4a/0x240
[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0
[ 141.429653] do_syscall_64+0x5b/0x80
[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0
[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30
[ 141.430849] ? do_syscall_64+0x67/0x80
[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0
[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30
[ 141.432482] ? do_syscall_64+0x67/0x80
[ 141.432714] ? exc_page_fault+0x64/0x140
[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc

Since the igb_disable_sriov() will call pci_disable_sriov() before releasing any resources, the netdev core will synchronize the cleanup to avoid any races. This patch removes the useless rtnl_(un)lock to guarantee correctness.
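The self-deadlock in the trace above, as a single-threaded user-space model added here; it is not code from the kernel or from the patch. All `model_` names are hypothetical, the lock reports -EDEADLK where the kernel mutex would sleep forever, and the assumption that the added rtnl_lock was held across igb_disable_sriov() is read from the trace, not from the diff.

```c
#include <errno.h>
#include <stdio.h>

/* Non-recursive RTNL model: -EDEADLK where mutex_lock() would block forever. */
static int rtnl_held;

static int model_rtnl_lock(void)
{
	if (rtnl_held)
		return -EDEADLK;
	rtnl_held = 1;
	return 0;
}

static void model_rtnl_unlock(void) { rtnl_held = 0; }

/* igbvf_remove() -> unregister_netdev(), which takes the RTNL lock itself. */
static int model_igbvf_remove(void)
{
	int err = model_rtnl_lock();
	if (!err)
		model_rtnl_unlock(); /* netdev teardown elided */
	return err;
}

/* sriov_disable() removes every VF device synchronously, in this context. */
static int model_igb_disable_sriov(int num_vfs)
{
	int err = 0;
	for (int vf = 0; vf < num_vfs && !err; vf++)
		err = model_igbvf_remove();
	return err;
}

/* take_rtnl=1: locking from 6faee3d4ee8b (placement assumed); 0: the revert. */
int model_igb_remove(int take_rtnl, int num_vfs)
{
	int err;
	if (take_rtnl && (err = model_rtnl_lock()))
		return err;
	err = model_igb_disable_sriov(num_vfs);
	if (take_rtnl)
		model_rtnl_unlock();
	return err;
}

int main(void)
{
	printf("locked: %d, reverted: %d\n", model_igb_remove(1, 1), model_igb_remove(0, 1));
	return 0;
}
```

With no VFs allocated the nested remove never runs, so the locked variant only hangs on hosts where SR-IOV is actually enabled when the igb driver is detached.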
Product status
5773a1e6e5ba9f62c4573c57878d154fda269bc2 (git) before 0dabb72b923e17cb3b4ac99ea1adc9ef35116930
2e8a30c1d994d91099fa8762f504b2ac9dce2cf7 (git) before 7d845e9a485f287181ff81567c3900a8e7ad1e28
55197ba6d64d48f1948e6e1f52482e0e3e38e1bf (git) before cd1e320ac0958298c2774605ad050483f33a21f2
0f516dcd1456b18b56a7de0c1f67b8a4aa54c2ef (git) before 4d2626e10709ff8474ffd1a9db3cf4647569e89c
8ee44abe4cae06713db33e0a3b1e87bfb95b13ef (git) before 66e5577cabc3d463eea540332727929d0ace41c6
6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 (git) before 62a64645749926f9d75af82a96440941f22b046f
6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 (git) before de91528d8ba274c614a2265077d695c61e31fd43
6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 (git) before 65f69851e44d71248b952a687e44759a7abb5016
64c0c233a88591bb23569ae12eed7f74e5bd39ce (git)
4.14.291 (semver) before 4.14.312
4.19.256 (semver) before 4.19.280
5.4.211 (semver) before 5.4.240
5.10.138 (semver) before 5.10.177
5.15.63 (semver) before 5.15.105
5.19.4 (semver) before 5.20
6.0
Any version before 6.0
4.14.312 (semver)
4.19.280 (semver)
5.4.240 (semver)
5.10.177 (semver)
5.15.105 (semver)
6.1.22 (semver)
6.2.9 (semver)
6.3 (original_commit_for_fix)
References
git.kernel.org/...c/0dabb72b923e17cb3b4ac99ea1adc9ef35116930
git.kernel.org/...c/7d845e9a485f287181ff81567c3900a8e7ad1e28
git.kernel.org/...c/cd1e320ac0958298c2774605ad050483f33a21f2
git.kernel.org/...c/4d2626e10709ff8474ffd1a9db3cf4647569e89c
git.kernel.org/...c/66e5577cabc3d463eea540332727929d0ace41c6
git.kernel.org/...c/62a64645749926f9d75af82a96440941f22b046f
git.kernel.org/...c/de91528d8ba274c614a2265077d695c61e31fd43
git.kernel.org/...c/65f69851e44d71248b952a687e44759a7abb5016